Jump to content

Recommended Posts

Hello, All -

Cleaning a buddy's computer (XP media center edition) using these instructions.

Things seem to have gone well, though there are still some missing shortcuts. Almost all of the shortcuts in Start / All Programs are still missing though the folder structure is visible. There are a few still there, but they seem to be shortcuts located in Documents and settings\UserName\Start Menu. Shortcuts derived from the location \All Users\Start Menu seem to be "gone".

When I use Windows Explorer to navigate to \All Users\Start Menu, I can not see any shortcuts even when Showing Hidden Files and Not Hiding Protected OS Files. I also can not see them when in DOS and Dir /A:H.

UnHide dot exe was used during this procedure, and seemed to have sucess in many other areas.

Any way to tell if these shortcuts are really gone, or moved, or just really well hidden? Any advice is appreciated!

Thanks!

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

If this doesn't work, then they're gone:

Please download Unhide.exe by Grinler and save it to your Desktop.

Run it, then restart your computer.

Hello, Screen,

Thanks for your reply! Unfortunatly, I've become pretty sick since my post and have not returned to my workplace which is where the infected computer is.

I did run unhide.exe (though I forget the source) before my original post and it did restore / unhide shortcuts on the desktop, for example.

The account that I am working with on that computer does have administrative privs.

Other than the DOS and Win steps I mentioned before, is there any other way to verify that those folders are truly empty?

I had not seen mention of this malware truly *deleting* shortcuts anywhere. Have you?

Again, thanks!

Link to post
Share on other sites

It only moves the shortcuts; it doesn't delete them, yes.

If you've cleaned your temp files, then the moved shortcuts will have been permanently removed.

Got it, and that's probably what happened. Thought they were just hidden attributted. Thanks for your help and replies; hopefully this is all of the assistance I need.

Link to post
Share on other sites

  • Staff

Great. :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.